Descrição do problema

The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x
before 2.2.16 allow remote attackers to cause a denial of service
(process crash) via a request that lacks a path (CVE-2010-1452).

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix,
does not close the backend connection if a timeout occurs when reading
a response from a persistent connection, which allows remote attackers
to obtain a potentially sensitive response intended for a different
client in opportunistic circumstances via a normal HTTP request.
NOTE: this is the same issue as CVE-2010-2068, but for a different
OS and set of affected versions (CVE-2010-2791).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490